pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2005Q3]: pkgsrc/x11/gtk2 Pullup ticket 926 - requested by Lubo...
details: https://anonhg.NetBSD.org/pkgsrc/rev/e94f2d8877a6
branches: pkgsrc-2005Q3
changeset: 499711:e94f2d8877a6
user: snj <snj%pkgsrc.org@localhost>
date: Sun Nov 27 21:18:50 2005 +0000
description:
Pullup ticket 926 - requested by Lubomir Sedlacik
security fix for gtk2
Apply patch to fix two security issues in the bundled gdk-pixbuf library.
diffstat:
x11/gtk2/Makefile | 3 ++-
x11/gtk2/distinfo | 3 ++-
x11/gtk2/patches/patch-ai | 27 +++++++++++++++++++++++++++
3 files changed, 31 insertions(+), 2 deletions(-)
diffs (59 lines):
diff -r ae43f30059f2 -r e94f2d8877a6 x11/gtk2/Makefile
--- a/x11/gtk2/Makefile Sun Nov 27 21:14:26 2005 +0000
+++ b/x11/gtk2/Makefile Sun Nov 27 21:18:50 2005 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.93 2005/09/26 11:47:24 jmmv Exp $
+# $NetBSD: Makefile,v 1.93.2.1 2005/11/27 21:18:50 snj Exp $
#
DISTNAME= gtk+-2.6.10
PKGNAME= ${DISTNAME:S/gtk/gtk2/}
+PKGREVISION= 1
CATEGORIES= x11
MASTER_SITES= ftp://ftp.gtk.org/pub/gtk/v2.6/ \
ftp://ftp.cs.umn.edu/pub/gimp/gtk/v2.6/ \
diff -r ae43f30059f2 -r e94f2d8877a6 x11/gtk2/distinfo
--- a/x11/gtk2/distinfo Sun Nov 27 21:14:26 2005 +0000
+++ b/x11/gtk2/distinfo Sun Nov 27 21:18:50 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.50 2005/08/25 21:04:11 jmmv Exp $
+$NetBSD: distinfo,v 1.50.2.1 2005/11/27 21:18:50 snj Exp $
SHA1 (gtk+-2.6.10.tar.bz2) = 9ba627683e0dc4bceb5fb900c1ee687638d95fcd
RMD160 (gtk+-2.6.10.tar.bz2) = 5bb2e4de406e0e6ccf5c66ec48f6ba3e5b0911ff
@@ -11,3 +11,4 @@
SHA1 (patch-af) = 6797fd34be0a34368f6edede2321562678b112ff
SHA1 (patch-ag) = dc4d72a39e426b880ca69ba8bc499fdaf42e0da8
SHA1 (patch-ah) = 486d6601d6dba04830a8645c6a5791755e6538d9
+SHA1 (patch-ai) = d38e23521afb800898e8db930ffdb5ce1f2da198
diff -r ae43f30059f2 -r e94f2d8877a6 x11/gtk2/patches/patch-ai
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/gtk2/patches/patch-ai Sun Nov 27 21:18:50 2005 +0000
@@ -0,0 +1,27 @@
+$NetBSD: patch-ai,v 1.10.2.1 2005/11/27 21:18:50 snj Exp $
+
+Security fixes for CVE-2005-2975 and CVE-2005-3186.
+
+--- gdk-pixbuf/io-xpm.c.orig 2005-08-18 16:10:56.000000000 +0200
++++ gdk-pixbuf/io-xpm.c 2005-11-26 09:46:35.000000000 +0100
+@@ -1167,7 +1167,8 @@ file_buffer (enum buf_op op, gpointer ha
+ /* Fall through to the xpm_read_string. */
+
+ case op_body:
+- xpm_read_string (h->infile, &h->buffer, &h->buffer_size);
++ if(!xpm_read_string (h->infile, &h->buffer, &h->buffer_size))
++ return NULL;
+ return h->buffer;
+
+ default:
+@@ -1262,7 +1263,9 @@ pixbuf_create_from_xpm (const gchar * (*
+ _("XPM has invalid number of chars per pixel"));
+ return NULL;
+ }
+- if (n_col <= 0 || n_col >= G_MAXINT / (cpp + 1)) {
++ if (n_col <= 0 ||
++ n_col >= G_MAXINT / (cpp + 1) ||
++ n_col >= G_MAXINT / sizeof (XPMColor)) {
+ g_set_error (error,
+ GDK_PIXBUF_ERROR,
+ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
Home |
Main Index |
Thread Index |
Old Index